Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Apply the sanctioned fix for the cvs password problem from Mark D. Baushke.

This commit is contained in:
christos 2006-07-26 14:16:55 +00:00
parent 224c697f91
commit 3399020b04
3 changed files with 26 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
gnu/dist/xcvs/src/client.c vendored
View File

@ -3935,9 +3935,8 @@ auth_server (root, lto_server, lfrom_server, verify_only, do_gssapi)
send_to_server(end, 0);
send_to_server("\012", 1);
/* Paranoia. */
memset (password, 0, strlen (password));
free (password);
free_cvs_password (password);
password = NULL;
# else /* ! AUTH_CLIENT_SUPPORT */
error (1, 0, "INTERNAL ERROR: This client does not support pserver authentication");
# endif /* AUTH_CLIENT_SUPPORT */

1
gnu/dist/xcvs/src/cvs.h vendored
View File

@ -927,6 +927,7 @@ char *descramble PROTO ((char *str));
#ifdef AUTH_CLIENT_SUPPORT
char *get_cvs_password PROTO((void));
void free_cvs_password PROTO((char *str));
int get_cvs_port_number PROTO((const cvsroot_t *root));
char *normalize_cvsroot PROTO((const cvsroot_t *root));
#endif /* AUTH_CLIENT_SUPPORT */

28
gnu/dist/xcvs/src/login.c vendored
View File

@ -566,18 +566,36 @@ login (argc, argv)
password_entry_operation (password_entry_add, current_parsed_root,
typed_password);
memset (typed_password, 0, strlen (typed_password));
free (typed_password);
free (cvs_password);
free_cvs_password (typed_password);
free (cvsroot_canonical);
cvs_password = NULL;
return 0;
}
/* Free the password returned by get_cvs_password() and also free the
* saved cvs_password if they are different pointers. Be paranoid
* about the in-memory copy of the password and overwrite it with zero
* bytes before doing the free().
*/
void
free_cvs_password (char *password)
{
if (password && password != cvs_password)
{
memset (password, 0, strlen (password));
free (password);
}
if (cvs_password)
{
memset (cvs_password, 0, strlen (cvs_password));
free (cvs_password);
cvs_password = NULL;
}
}
/* Returns the _scrambled_ password. The server must descramble
before hashing and comparing. If password file not found, or
password not found in the file, just return NULL. */